Closed GNSPS closed 6 years ago
That would be an option, but I am thinking it might be better to remove Mythril's source code input options altogether and leave the compiling and linking to the build environment. Otherwise, a lot of complicated logic has to be implemented and it will be difficult to cover the various types of imports etc.. This is high up on my list, just need to play more with Truffle and Dapp.
Just another update, you can now run Mythril in a Truffle project directory using myth --truffle
. This uses Truffle's compiler output, so dependencies are handled by Truffle.
This doesn't completely solve the issue, but IMHO we'll need to re-think the way that multiple input contracts are processed at some point.
Input files are now analyzed one-by-one. To scan linked contracts, deploy to blockchain and analyze with the a
and -l
flags.
This actually needs some more work. I discovered several issues when working on source code mapping. One special case that needs to be handled is multiple contract definitions in a single .sol file. The best option I see is allowing users to specify both filename and target contract name e.g.:
$ myth -x whatever.sol:WhatEver
Will be added soon.
I added the following behavior for solc files that contain multiple contracts.
This will analyze the last bytecode entry generated by solc:
$ /myth -x OmiseGo.sol
This will analyze the contract OMGToken
in the file OmiseGo.sol
:
$ /myth -x OmiseGo.sol:OMGToken
The title is pretty self-explanatory. 😄
The motivation for asking this is: Mythril doesn't currently handle the dependencies from Dapphub's
dapp
tool and when using a merger tool to solve dependencies (likesolidity-merger
) the contract being analyzed is always the last one (persolc
requirements). If we could specify the entry point the merging tools would be a working solution!